Posted
by
Soulskill
on Friday September 06, 2013 @09:40AM
from the i-know-what-you-googled-last-summer dept.

Rob @CmdrTaco Malda writes
"I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."

Indeed. And accessing using HTTPS isn't even guaranteeing anything in this browser since the proxy service and the browser is provided by the same party, so they can trivially add their own CA and sign certificates for whatever sites they want.

Wrong, Firefox is open source. IceWeasel exists to allow the Debian developers to backport security fixes to the stable version in the Debian repositories and avoid Mozilla's trademark restrictions on the use of Firefox's logo and name. All of the code that makes up what Mozilla officially considers Firefox is freely licensed.

I don't know if things have changed much, but their fairly thorough review seems to indicate firefox and chrome are pretty similar.Looking at their table, one possible area of concern they listed (that Chrome might no longer have a problem with) is zoom level.That could give information to a site that it is the same person, if they cared, although, that seems to be a pretty minor leak, given all the other information you could be revealing even if you hid your IP (a la panopticlick).Looks like Chrome retains it from the non-private session, Firefox does not. The download list thing doesn't seem like a big deal. Depends on what you're using it for I guess.

Uhhh...Comodo is an Indian company that does enterprise security products, don't know where you got your info from. they have a branch in the USA but more large corps do, that don't make 'em a US company.

I've personally been using them a couple of years now and have yet to see their browsers send a single bit of data I didn't specifically authorize and I do check my logs. If you opt in for their secure DNS then your DNS will naturally go through their servers (the same ones that they use for corporate deployments so its not like your data will be segregated, it'll be in the same pool as thousands of corps) and as far as their certs go? They had a break in, reported it to the public within a day and had the keys revoked upon finding out about the breach. personally I'd rather have a corp that admits when there is a breach, informs me, and then does everything they can to close the breach immediately than to have one that covers it up, but maybe that is just me. Again not like you don't have options and you can always build from source if none of them suit you.